Replies: 1 comment 8 replies
-
The dance native encryption does is that each dataset gets a key for its lifetime, and then that is encrypted with whatever you initially gave it as key material (a passphrase + pbkdf, or some raw bytes). That is used, to my understanding, to square the circle around the fact that ZFS can't really go retroactively rewrite your data if you change the key out, so you do this dance to swap the key that decrypts the key that the tooling doesn't give you an easy way to get at to give you some level of key changing functionality on something that assumes your data is immutable until deleted once written. The man page is basically saying if you have the previously encrypted version of the master key and know what was used to decrypt that, you can still derive the master key, since the actual master key doesn't change. I believe the reason it doesn't make any promises about when that goes away on disk is that there's not really any logic in the ZFS code to control when that happens, since there's not really a good way for the "FS" part of the code to say "overwrite these specific parts of the object, please, once it's no longer in use", since once it's no longer in use, you no longer have anything describing where it used to be. I think it'd be a little exciting to convince the code to do it, as well, since you'd basically want a background thread that waits until nobody else is looking at the object, then scribbles over it and frees it, while also avoiding something like |
-
Reading the man page on zfs change-key and watching the ZFS Native Encryption presentation honestly brings up a bunch of questions that I am struggling to search for on the web. This docs quote:

leaves an impression of change-key as some kind of placeholder function that brings no value until the underlying mechanism is refined.

Trying to understand the threat surface here, assuming that the user's wrapping key is compromised:

How exactly is it possible to further compromise the wrapped master key as well?

If "change-key does not overwrite the previous wrapped master key on disk", what is its purpose at all, and where does the new wrapped key go? Will there be accumulated a log of sorts of all the wrapped keys that were in use?

Why does it behave this way in the first place?
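The key-wrapping arrangement discussed in both posts above, as an added example that is not ZFS's own code: a per-dataset master key that never changes, a wrapping key derived from the passphrase with PBKDF2, and a change-key that only wraps the same master key again while the earlier wrapped record is left in place. The wrap/unwrap cipher below is a constructed stand-in (ZFS wraps with AES-GCM/CCM), and the Dataset class with its record list is an assumption that models what remains on disk; unwrapping the old record with the old passphrase still yields the master key, which is exactly the point the man page makes.

```python
import hashlib
import hmac
import os
from typing import Optional

# Toy stand-in for the wrapping cipher: master key XOR a keystream derived from
# the wrapping key and a random IV, plus an HMAC tag. Only the wrap/unwrap
# structure matters for the argument, not the cipher itself.
PBKDF2_ITERS = 100_000  # iteration count chosen for the example

def derive_wrapping_key(passphrase: bytes, salt: bytes) -> bytes:
    # The user-supplied key material is never used directly; it is stretched
    # into the wrapping key that protects the master key.
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, PBKDF2_ITERS)

def wrap(master_key: bytes, wrapping_key: bytes) -> bytes:
    iv = os.urandom(16)
    stream = hashlib.sha256(wrapping_key + iv).digest()
    ct = bytes(a ^ b for a, b in zip(master_key, stream))
    tag = hmac.new(wrapping_key, iv + ct, "sha256").digest()
    return iv + ct + tag

def unwrap(blob: bytes, wrapping_key: bytes) -> Optional[bytes]:
    iv, ct, tag = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(wrapping_key, iv + ct, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong wrapping key or tampered record
    stream = hashlib.sha256(wrapping_key + iv).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))

class Dataset:
    """One encrypted dataset: a fixed master key plus every (salt, wrapped key)
    record ever written, because change-key does not overwrite the old one."""

    def __init__(self, passphrase: bytes):
        self.master_key = os.urandom(32)  # fixed for the dataset's lifetime
        self.records = []
        self.change_key(passphrase)

    def change_key(self, new_passphrase: bytes) -> None:
        # Rewrap the *same* master key under a key derived from the new
        # passphrase; the previous record is appended to, never scrubbed.
        salt = os.urandom(16)
        blob = wrap(self.master_key, derive_wrapping_key(new_passphrase, salt))
        self.records.append((salt, blob))

def unwrap_with(record, passphrase: bytes) -> Optional[bytes]:
    salt, blob = record
    return unwrap(blob, derive_wrapping_key(passphrase, salt))
```

Because the data itself is encrypted only under the master key, every record in `records` that can still be unwrapped is a full path to the data; changing the passphrase narrows nothing until the old record is actually gone from disk.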